VYPR

Thunderbird

by Mozilla Corporation

CVEs (1,863)

  • CVE-2014-1477 | Critical | Feb 6, 2014
    risk 0.64 | cvss 9.8 | epss 0.06

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly…

  • CVE-2013-5616 | Critical | Dec 11, 2013
    risk 0.64 | cvss 9.8 | epss 0.07

    Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service…

  • CVE-2013-5615 | Critical | Dec 11, 2013
    risk 0.64 | cvss 9.8 | epss 0.04

    The JavaScript implementation in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 does not properly enforce certain typeset restrictions on the generation of GetElementIC typed array stubs, which has unspecified impact…

  • CVE-2013-5613 | Critical | Dec 11, 2013
    risk 0.64 | cvss 9.8 | epss 0.09

    Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap…

  • CVE-2013-5609 | Critical | Dec 11, 2013
    risk 0.64 | cvss 9.8 | epss 0.08

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly…

  • CVE-2016-1960 | High | Mar 13, 2016
    risk 0.63 | cvss 8.8 | epss 0.31

    Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) by leveraging mishandling of end tags, as…

  • CVE-2026-8959 | Critical | May 19, 2026
    risk 0.62 | cvss 9.6 | epss 0.00

    Sandbox escape due to incorrect boundary conditions in the Widget: Win32 component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

  • CVE-2026-8953 | Critical | May 19, 2026
    risk 0.62 | cvss 9.6 | epss 0.01

    Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

  • CVE-2026-7321 | Critical | Apr 28, 2026
    risk 0.62 | cvss 9.6 | epss 0.00

    Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox 150, Thunderbird 150, Firefox ESR 140.10.1, and Thunderbird 140.10.1.

  • CVE-2026-8950 | Critical | May 19, 2026
    risk 0.60 | cvss 9.3 | epss 0.00

    Same-origin policy bypass in the Networking: HTTP component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

  • CVE-2026-12316 | Critical | Jun 16, 2026
    risk 0.59 | cvss 9.1 | epss 0.00

    Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152 and Thunderbird 152.

  • CVE-2026-12315 | Critical | Jun 16, 2026
    risk 0.59 | cvss 9.1 | epss 0.00

    Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.

  • CVE-2026-12304 | Critical | Jun 16, 2026
    risk 0.59 | cvss 9.1 | epss 0.00

    Same-origin policy bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.

  • CVE-2026-8948 | Critical | May 19, 2026
    risk 0.59 | cvss 9.1 | epss 0.00

    Same-origin policy bypass in the DOM: Networking component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.

  • CVE-2026-4724 | Critical | Mar 24, 2026
    risk 0.59 | cvss 9.1 | epss 0.00

    Undefined behavior in the Audio/Video component. This vulnerability was fixed in Firefox 149 and Thunderbird 149.

  • CVE-2026-4716 | Critical | Mar 24, 2026
    risk 0.59 | cvss 9.1 | epss 0.00

    Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

  • CVE-2026-4715 | Critical | Mar 24, 2026
    risk 0.59 | cvss 9.1 | epss 0.00

    Uninitialized memory in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

  • CVE-2026-2806 | Critical | Feb 24, 2026
    risk 0.59 | cvss 9.1 | epss 0.00

    Uninitialized memory in the Graphics: Text component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.

  • CVE-2025-8037 | Critical | Jul 22, 2025
    risk 0.59 | cvss 9.1 | epss 0.00

    Setting a nameless cookie with an equals sign in the value shadowed other cookies, even if the nameless cookie was set over HTTP and the shadowed cookie included the `Secure` attribute. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and…

  • CVE-2025-6427 | Critical | Jun 24, 2025
    risk 0.59 | cvss 9.1 | epss 0.00

    An attacker was able to bypass the `connect-src` directive of a Content Security Policy by manipulating subdocuments. This would have also hidden the connections from the Network tab in Devtools. This vulnerability was fixed in Firefox 140 and Thunderbird 140.

Page 11 of 94